Information security tips and tricks for both home and business users

OWASP Mobile Security Project

If you’ve ever talked infosec with me, you’ve no doubt noticed that I love the OWASP Top 10 Project. Every few years, they update their list of the 10 most significant web application security risks to help provide developers and security testers with guidance on how to protect web applications.

What you may not know is that they have a separate OWASP Mobile Security Project that tracks their top 10 list of mobile risks. The current list includes:

M1 – Insecure Data Storage

M2 – Weak Server Side Controls

M3 – Insufficient Transport Layer Protection

M4 – Client Side Injection

M5 – Poor Authorization and Authentication

M6 – Improper Session Handling

M7 – Security Decisions Via Untrusted Inputs

M8 – Side Channel Data Leakage

M9 – Broken Cryptography

M10 – Sensitive Information Disclosure

If you’re a mobile app developer, or if you work for a company that develops their own mobile apps. check it out. For the short version, you could check out their SlideShare presentation or watch their YouTube video.